docker login self hosted registry = x509: certificate signed by unknown authority
I am new to docker and trying to set up my registry for docker swarm.
I have three debian installations interacting with each other:
Trying to set up my database separate from my website and my registry separate too.
My registry machine also hosts a website, let's say vmreg.com, managed by letsencrypt ssl certificates. I use this certificate to sign both my website and registry.
docker run -d --restart=always --name registry \
  -v $(pwd)/etc/letsencrypt/live/vmreg.com:/etc/letsencrypt/live/vmreg.com \
  -e REGISTRY_HTTP_ADDR=0.0.0.0:5000 \
  -e REGISTRY_HTTP_TLS_CERTIFICATE=/etc/letsencrypt/live/vmreg.com/domain.crt \
  -e REGISTRY_HTTP_TLS_KEY=/etc/letsencrypt/live/vmreg.com/domain.key \
  -p 5000:5000 registry:2
On my database machine I can log in just fine:
echo "password" | docker login -u username --password-stdin vmreg.com:5000
but on my website machine I get x509: certificate signed by unknown authority when I try to log in.
Only difference is that my website machine also has its own letsencrypt domain setup. I don't understand why I get this error. Is it a possible conflict?
Solutions I found online all talk about copying certificates but 1) I have not copied any cert on my database machine and 2) I don't understand why I would need to copy certificates from the registry server to a client; that makes no sense to me because what happens when I renew my certs?
but on my website machine I get x509: certificate signed by unknown authority when I try to login
I always had to follow "Verify repository client with certificates" when establishing a new Docker registry (usually one based on Nexus3 for instance).
That means:这意味着:
/etc/docker/certs.d$ mkdir vmreg.com
/etc/docker/certs.d$ cp /etc/letsencrypt/live/vmreg.com/domain.crt vmreg.com/
It looks like you're missing the latest certificate bundle, and LetsEncrypt had to update their root CA after their original provider's certificate expired. This is normally handled on Debian by running:
apt-get update
apt-get install ca-certificates
However, if that doesn't solve it, it may be because of older versions of Debian. See this SF post that describes how to solve it.
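One way to check, on the client that fails, whether its CA bundle can validate what the registry actually serves (an added example, not from the question or either answer). The function names are hypothetical, /etc/ssl/certs/ca-certificates.crt is assumed as the Debian bundle path, and the leaf-only case is something to rule out rather than a cause the thread establishes.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the host and port in the usage line are the ones in the question.

# Save the chain the registry actually sends (needs network access).
# s_client prints the leaf a second time under "Server certificate",
# so stop reading there to avoid counting it twice.
fetch_chain() {   # usage: fetch_chain HOST PORT OUTFILE
    openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
        </dev/null 2>/dev/null |
        sed -n -e '/^Server certificate/q' \
            -e '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' >"$3"
}

# Number of certificates in a PEM file. 1 means the server sends only its
# leaf, so a client can validate it only if it already has the intermediate.
count_certs() {   # usage: count_certs CHAIN.pem
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# Validate a saved chain against a CA bundle: the first certificate is the
# leaf, the rest are offered as untrusted intermediates. Besides CAFILE,
# openssl also consults its default CA directory.
verify_chain() {  # usage: verify_chain CHAIN.pem [CAFILE]
    ca=${2:-/etc/ssl/certs/ca-certificates.crt}   # assumed Debian bundle path
    openssl verify -CAfile "$ca" -untrusted "$1" "$1" >/dev/null 2>&1
}

# One-word diagnosis for a saved chain.
diagnose() {      # usage: diagnose CHAIN.pem [CAFILE]
    if verify_chain "$1" "$2"; then
        echo trusted                  # this client's bundle validates the chain
    elif [ "$(count_certs "$1")" -le 1 ]; then
        echo leaf-only-and-untrusted  # server sent no intermediate
    else
        echo untrusted-chain          # chain sent, root missing from bundle
    fi
}

# On the failing client:
#   fetch_chain vmreg.com 5000 /tmp/chain.pem && diagnose /tmp/chain.pem
```

A result of untrusted-chain points at the client's CA bundle, which the ca-certificates update above addresses; leaf-only-and-untrusted points at the certificate file the registry is configured to serve.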